---
id: oauth2-token-introspection-hydra
title: Connect to ORY Hydra OAuth2 Token Introspection
---

This document is a work in progress.

## Synchronize Access Token / OAuth2 Scope Strategy

When using ORY Oathkeeper together with ORY Hydra the scope strategy needs to be
kept in sync.

ORY Oathkeeper sends the scope as part of the introspection request.
[(More about token introspection)](https://www.oauth.com/oauth2-servers/token-introspection-endpoint/)

[Hydra](https://www.ory.sh/hydra/docs/guides/oauth2-token-introspection/)
processes this scope parameter (which is actually not defined in the OAuth2
Introspection RFC) according to the scope strategy defined in Hydra.

The scope strategy defined in ORY Oathkeeper serves as a fallback for when
OAuth2 servers do not implement this feature.

Therefore, these two settings must be kept in sync.

[Here](https://www.ory.sh/hydra/docs/reference/api#parameters-27) you can find
the Hydra setting and
[here](https://www.ory.sh/oathkeeper/docs/v0.37/pipeline/authn/#configuration-5)
the respective one for Oathkeeper.

The same problem would arise if you configure your client to be allowed to
request scope foo and your OAuth2 request requests foo.bar.
